A network device operating system is a software system that provides for the management of network components. The appropriate components of the network device operating system may be installed in each network component, thereby creating a single, unified infrastructure for managing resources through a network. The network components may be managed by an external party, e.g., a network management station (NMS), using the network device operating system. A network device operating system may connect different platforms, LAN segments, and networking components, such as, for example, standalone routers, router modules for shared-media hubs, switches, PC and workstation file servers, WAN access switches, and ATM-capable PBXs. Any network component that is capable of being managed by a management station is referred to herein as a managed device. Examples of NMS's include Campus Manager, available from Cisco Systems, Inc. of San Jose, Calif., and OpenView, available from Hewlett Packard Company of Palo Alto, Calif.
Management stations require information identifying various attributes of the managed device when performing management operations. Attributes are information stored on the managed device that specify a value for feature that may be managed. Some attributes are stored in SNMP MIB objects on the managed device. Non-limiting examples of attributes are a read only community string (RO), a read/write community string (RW), a telnet password, an enable password, and a local username. For example, for security reasons, a management station requires a SNMP write community string, a telnet password, and an enable password to upgrade a software image on the managed device. The management station needs the attribute information in performing such tasks as using a telnet command to contact the managed device and modifying the boot commands on the managed device so that the managed device boots with the new image.
If a management station does not have a complete set of correct attribute information for a managed device, then the management station will not be able to perform any operation that depends on a particular attribute for which the management station does not have a correct value. Accordingly, the management station initially records all the attribute information of the managed device to facilitate the management of the managed device. The management station maintains a set of attribute information for each managed device that the management station manages.
The management station relies upon the validity of the attribute information, maintained for a managed device by the management station, in the performance of management functionality. For example, once a device is managed by a management station, the management station may attempt to fetch the startup and running configurations of the managed device. However, if any of the attribute information of the managed device used by the management station in fetching the startup and running configurations of the managed device is incorrect (e.g., the telnet password is incorrect or the read/write community string is incorrect), then the fetch operation will fail. The attributes stored by the management station could be incorrect because another user has changed an attribute value at the device.
Storing an incorrect value for a first attribute value may prevent the management station from obtaining or verifying the correctness of values for other attributes. For example, in order to determine whether a value for a managed device's telnet enable password is correct, a management station may establish a telnet session with the managed device. After the telnet session is established with the managed device, the management station using the telnet session to verify whether the stored telnet enable password is correct. However, if the telnet session cannot be established with the managed device because the management station has stored an incorrect value of the telnet password, then the management station is unable to verify whether the telnet enable password is correct.
Additional problems may arise if a user of the managed device customizes any session prompts. For example, a user of a managed device may customize the prompts of a telnet session on the managed device. After a management station establishes a telnet connection with the managed device, if the prompts in the telnet session have been changed by a user, then the management station may interpret the attempt to communicate over the telnet session as a failure because the management station is dependent upon an expected prompt pattern in the telnet session. Thus, for every managed device that is managed by the management station, information about the prompt pattern needs to be stored and updated. However, users of the managed device are likely to customize the prompt pattern without knowledge of the management station, which impedes the ability of the management station to communicate with the managed device.
The read/write community string is an essential attribute for managing devices because it acts as a security credential; an SNMP agent in a managed device will not grant read/write access to a MIB in the device unless a requesting process provides the valid community string. Unfortunately, however, currently there is no way of verifying the correctness of the read/write community string. For example, an attempt by the management station to set a value on a particular attribute to verify the correctness of the read/write community string associated with the managed device would not be acceptable to the users of the managed device for security concerns.
Accordingly, there is a need for a method and mechanism that provides for verifying attribute information stored on managed devices without incurring the disadvantages of the prior art.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.